ABSTRACT:

The specification describes a Graphically Used Expert System Tool, which 
is a computer program which enables a non-computer literate expert (the 
developer) to develop an expert system for non-expert users. A plurality 
of standardized data records and screen displays are linked together by 
the developer using simplified entry blanks and standardized icons which 
implement program functions. The developer enters segments of knowledge, 
which may be statements or questions on each data record, and links it to 
one to six other data records to form a disjoin logic set. The plurality 
of knowledge segments and the way in which they are linked together as 
exit option actions form a cognitive map which represents the natural 
thought process of the expert developer, thus eliminating the need for 
traditional deep thought analysis or "if then" inference rules and logic. 
By providing DOS commands, ARC commands, ARC variables or List processing 
at each exit option, the developer is provided with a tool which will 
invoke one or more of a plurality of functional program objects in 
response to a single user selection. 
ABSTRACT:

A method for a sender to automatically distribute information to a 
receiver on a network using devices (such as printers and facsimile 
machines) and communication channels (such as electronic mail) defined in 
a receiver profile. The receiver profile establishes the properties and 
mode for receipt of information for receivers on the network and the 
profile is published in a network repository for all network users or is 
accessible by selected groups or individuals on the network. Receivers
have additional control over network senders by defining an information
filter which further controls sender channel access (to a receiver) by
defining some channels as having priority of access such as direct or 
delayed access, as well as selectively permitting senders to override the 
receiver profile. Consequently, receiver profiles provide a variable 
receiver definable link to senders using multiple forms of media as well 
as multiple hardware platforms and network configurations. 
ABSTRACT:

Apparatus for an integrated architecture for an extended multilevel
secure database management system. The multilevel secure database
management system processes security constraints to control certain 
unauthorized inferences through logical deduction upon queries by users 
and is implemented when the database is queried through the database 
management system, when the database is updated through the database 
management system, and when the database is designed using a database 
design tool. 
ABSTRACT:

A method and computer system are disclosed for determining the access 
privileges currently held by a database user with respect to objects in 
the database. The steps of the method are: (a) requesting a determination 
of those objects to which a given user has access privileges; (b) 
automatically determining those objects to which the user has direct 
access privileges; and (c) automatically determining those objects to 
which the user has indirect access privileges. This last step (c) is 
accomplished by (1) automatically determining all access groups to which 
the user belongs; and (2) automatically determining those objects to 
which those access groups, determined in step (1), have access
privileges.
ABSTRACT:

A security access management system for a packet switched data 
communications network has access management apparatus operatively 
associated with the packet switches at each entry point of the network. 
The access management apparatus includes an administrative host processor 
for examining user terminal authorization information in packets received 
at the associated packet switch for transmission through the network to 
destination addresses for the packets. A database associated with the 
administrative host stores information including levels of authorization 
of the user terminals for the respective entry point of the network for 
access to specified destinations, as pre-assigned by the network 
customer. Also included in the access management apparatus is a 
validation host processor which responds to comparisons between the user 
terminal authorization information contained in the packet and the 
pre-assigned level of authorization for the same user terminal, and, if 
they correspond, to grant access by that user terminal through the 
associated packet switch to the destination address with which a 
communication session is requested; or, if they differ, to deny such 
access. The access management apparatus is located remote from the user 
terminals using the particular entry point for the network. 
SUMMARY:

BSUM(24) 

(e) . . . the GUI in response thereto. This feature of the invention 
allows the non-computer literate expert to create a relatively complex 
**relational** **database** structure with forward and backwards chaining 
with no knowledge of the script commands or code needed to create the 
data. 

DETDESC : 

DETD (6) 

The database manager 12 is preferably a **relational** **database** , but 
may also be a B-tree database, a network database, a hierarchal database, 
a series of seeks, or a flat file database. A **relational** **database** 
will provide the smallest and most compact data structure. 

DETDESC : 

DETD (88) 

The . . . use of common encryption algorithms such as the DES, data
encryption standard, or other algorithms as discussed in Privacy and
**Authentication**: An Introduction to Cryptography by Diffie and
Hellman, IEEE, Vol. 67, No. 3, March, 1979.

CLAIMS : 

CLMS (28) 

28. An information processing system as claimed in claim 1 wherein said 
first means is selected from the group of: a **relational** **database**,
a B-tree database, a network database, a hierarchal database, a series of 
seeks, or a flat file database. 
=> d kwic 2- 
Xerox Corp., Stamford, Conn April 1 c T anngh ° USe Protocol, 

Protocol, Xerox Corp., Stamford conn" ; ^f^ 78404 ' "Authentication 
Protocol, xerox Corp Stamford r ' ^ 1984 ' X SIS-098404; Filina 
example of. . . * ' Stamford ' ^nn., May 1986, XNSS-108605. Another 
SUMMARY:

BSUM(26)

The ... a query processor is shown in FIG. 2. This architecture can 
be regarded as a loose coupling between a multilevel **relational** 
**database** management system and a deductive manager. The deductive 
manager is referred to as the query processor. It operates on-line. 

SUMMARY: 

BSUM(27) 

An . . . the update processor is shown in FIG. 3. This architecture
can be regarded as a loose coupling between a multilevel **relational**
**database** management system and a deductive manager. The deductive 
manager is referred to as the update processor. It can be used. 

DETDESC: 

DETD (52) 

The ... a limited set of inference strategies. Nevertheless it is a 
useful prototype which enhances the security of existing multilevel 
secure **relational** **database** management systems. In this section, 
we discuss the techniques that we have used to implement the security 
policy. They are:. 

DETDESC : 

DETD (54) 

Query . . . been used in the past to handle discretionary security
and views. Stonebraker, M., and E. Wong, 1974, "Access Control in
**Relational** **Database** Management Systems by Query Modification,"
Proceedings ACM National Conference, New York, N.Y. This technique has
been extended to include mandatory.

DETDESC : 

DETD (88) 

(ii) The second alternative is to augment a **relational** **database** 
management system with a theorem prover implemented in Prolog. The 
advantages of augmenting a **relational** **database** system with an 
inference engine are discussed in Li, D., 1984, A Prolog Database 
System, Research Studies Press, John Wiley. 



DETDESC: 



DETD (89) 

(iii) As the third alternative, we considered an architecture where a 
multilevel **relational** **database** system was augmented with an 
inference engine. Such an architecture would be useful as the 
multilevel **relational** **database** system would ensure the 
enforcement of a basic mandatory security policy. The inference engine 
then needs to implement only the. 

DETDESC: 

DETD (92) 

Once we had settled on the architecture, the next task was to select a 
multilevel **relational** **database** system for the implementation. 
After investigating the various systems that were available, we selected 
the Secure SQL Server Sybase Inc 

DETDESC: 

DETD (107) 

This . . . security level from the user. Since we assume that the 
operating system is secure, we rely on the identification and 
**authentication** mechanism provided by the operating system. Due to 
this feature, PI need not be a trusted process. It operates at. 

DETDESC: 

DETD (279) 

An . . . should be handled during query and update processing
Stachour, P., and B. Thuraisingham, June 1990, "Design of LDV--a
Multilevel Secure **Relational** **Database** Management System," IEEE
Transactions on Knowledge and Data Engineering, Volume 2, No. 2. However,
none of the work reported so.
SUMMARY:
BSUM(20)

An "rdb" is an acronym for "**relational** **database**".



SUMMARY: 
BSUM(40) 

The . . . directly in some other way. For example, rather than 
displaying the access privileges, these privileges may be used as an 
**authentication** mechanism, giving the user direct access to the 
objects he or she specifies. Alternatively, the information can be used 
for. 

DETDESC: 
DETD (6)

Specifically, the Database Manager is a database management system 
(hardware and software) that supports a **relational** **database** model 
in which all data is viewed as a collection of tables. The Database 
Manager provides a relational command processor. . . and export of 
data from and to another computer system; and a system for backup and 
restoration of an individual **relational** **database** table, and for 
maintenance.

DETDESC : 

DETD (26) 

In . . . the name is followed by a blank. The default value is "*".
The term "rdb" in the table stands for "**relational** **database**".
SUMMARY:
BSUM(16) 

U.S. . . . a PIN, are encrypted using a session key which itself is 
decrypted using a master key, and then a message **authentication** code 
is computed using the same session key for other data elements of the 
message. An acquirer station with which. 
DETDESC:
DETD (5)

DETDESC:
DETD (6)

CLAIMS:

CLMS (7)

7. . . . terminals and host computers on demand by authorized users,
installing in association with said network an access management host 
computer and **relational** **database** designating authorized users 
and their attributes and destination addresses to which the various 
users are authorized access based on said. . . and issuing 
instructions respecting establishment of connections and disconnections 
to the respective switch means based on information contained in said 
**relational** **database** , and 
providing a data link between said access management host computer and 
each of said switch means for communication of access. 



